From: Peter Crowther
To: Tomcat Users List
Subject: Re: SSL/HTTPS forwarding under Apache + mod_jk + tomcat
Date: Tue, 13 Oct 2009 08:12:44 +0100

[This should really be a new thread, but...]

2009/10/13 Tezza:
> I got 1 apache and 2 tomcat servers (all on different machines).
> I already got SSL set up on individual Tomcat machines to work on port 8443.
> There is no SSL installed on Apache.
> I got mod_jk installed on apache to forward "all" HTTP requests to tomcat
> servers for load balancing. It works fine.
>
> I like to also forward all HTTPS requests to tomcat servers.
>
> Question:
> Do I must install certificate (SSL) on apache server?

Yes.

> and remove from tomcat servers???

No need - they're not doing any harm, they just won't be used in your environment.

> If possible: I prefer to leave SSL on tomcat servers, and just tell apache
> to forward all HTTPS to tomcats just like HTTP. My tomcat servers will
> handle the workload fine with https. Can it be done?

No. If your clients use SSL to httpd, httpd must be able to handle the SSL connection - mod_jk has no way of forwarding raw encrypted data to Tomcat. Therefore httpd must have SSL set up locally - including the certificate.

- Peter
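
Added example, not part of the original message: a minimal httpd virtual host that terminates SSL and hands the decrypted requests to Tomcat through mod_jk, as the reply describes. The worker name `loadbalancer`, the host name, and the certificate and workers-file paths are assumptions.

```apache
# Added example (not from the original thread).
# Worker name, host name and file paths below are placeholders.
LoadModule ssl_module modules/mod_ssl.so
LoadModule jk_module  modules/mod_jk.so

# Same workers file already used for the plain-HTTP load balancing
JkWorkersFile conf/workers.properties

Listen 443
<VirtualHost *:443>
    ServerName www.example.com

    # httpd terminates SSL, so the certificate and private key live here
    SSLEngine on
    SSLCertificateFile    /path/to/server.crt
    SSLCertificateKeyFile /path/to/server.key

    # Pass SSL session details to Tomcat as AJP request attributes
    # (On is the default; shown here to make the behaviour explicit)
    JkExtractSSL On

    # Decrypted requests go to the same balancer worker as HTTP traffic
    JkMount /* loadbalancer
</VirtualHost>
```

With this layout the AJP connection from httpd to the Tomcat machines carries the requests unencrypted, so that network segment needs its own protection if the traffic is sensitive.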